Tabular IoT Attack 2024 | Datasets | Research | Canadian Institute for Cybersecurity | UNB

Global Site Navigation (use tab and down arrow)

Canadian Institute for Cybersecurity
CIC

CIC-BCCC-NRC TabularIoTAttack-2024

The CIC-BCCC-NRC TabularIoTAttack-2024 dataset is a comprehensive collection of IoT network traffic data generated as part of an advanced effort to create a reliable source for training and testing AI-powered IoT cybersecurity models. This dataset is designed to address modern challenges in detecting and identifying IoT-specific cyberattacks, offering a rich and diverse set of labeled data that reflects realistic IoT network behaviours.

Dataset overview

The CIC-BCCC-NRC TabularIoTAttack-2024 dataset includes a variety of network traffic data, augmented to simulate IoT environments with high fidelity. It was generated using both real IoT devices and simulated attack scenarios, which were conducted in a controlled lab environment including nine common available datasets:

Year Original dataset Augmented name
2019 IoT Network Intrusion Dataset CIC-BCCC-NRC IoT-HCRL-2019
2020 MQTT-IoT-IDS-2020 CIC-BCCC-NRC MQTTIoT-IDS-2020
2021 TON IoT 2021 CIC-BCCC-NRC TONIoT-2021
2022 UQ IoT 2022 CIC-BCCC-NRC UQ-IoT-2022
2022 CIC IoT 2022 CIC-BCCC-NRC IoT-2022
2022 Edge-IIoTset CIC-BCCC-NRC Edge-IIoTset-2022
2023 CIC IoT 2023 CIC-BCCC-NRC IoT-2023
2023 ACI IoT Network Traffic Dataset 2023 CIC-BCCC-NRC ACI-IoT-2023
2024 CIC IoMT 2024 CIC-BCCC-NRC IoMT-2024

The dataset extracted a wide array of network characteristics using CICFlowMeter, with each record containing relevant features such as network flows, timestamps, source/destination IPs and attack labels.

Key features

  • Network Traffic Data: Collected from IoT devices under both benign and attack conditions.
  • Labeled Dataset: Each instance is labeled to denote whether it is normal traffic or malicious, including attack types such as DDoS, ransomware and data exfiltration.
  • Tabular Format: The dataset is presented in a tabular format to facilitate its use in machine learning tasks.
  • Comprehensive: Contains over 1 million records, with detailed feature extraction using CICFlowMeter.
  • Real-World Scenarios: Includes attack scenarios based on real-world IoT vulnerabilities and behaviour patterns.

Data generation methodology

  1. IoT Device Setup: A range of IoT devices, including cameras, smart lights and sensors, were deployed in different testbed environments from the selected original datasets.
  2. Network Traffic Capture: Network traffic was captured using the CICFlowMeter tool, which monitors and logs all inbound and outbound communications from these devices.
  3. Attack Simulation: Various attack scenarios were launched, including botnet-based Distributed Denial of Service (DDoS), ransomware, man-in-the-middle, and privilege escalation attacks in each selected dataset.
  4. Feature Extraction: Data points were augmented by extracting network flow features such as packet size, duration, byte counts and connection states using CICFlowMeter.
  5. Tabular Transformation: The raw network data was processed into a tabular format, ensuring compatibility with AI models designed for supervised learning tasks.
  6. Labeling: Each record was carefully labeled, identifying normal and attack traffic, with specific tags for different attack types from each selected dataset.

Citation

Tinshu Sasi, Arash Habibi Lashkari, Rongxing Lu, Pulei Xiong, Shahrear Iqbal, “An Efficient Self Attention-Based 1D-CNN-LSTM Network for IoT Attack Detection and Identification Using Network Traffic”, Journal of Information and Intelligence, 2024.

Download the dataset